MediaWiki  master
ApiQueryTokens.php
Go to the documentation of this file.
1 <?php
26 use MediaWiki\Api\ApiHookRunner;
27 use MediaWiki\MediaWikiServices;
28 use Wikimedia\ParamValidator\ParamValidator;
29 
36 class ApiQueryTokens extends ApiQueryBase {
37 
38  public function execute() {
39  $params = $this->extractRequestParams();
40 
41  if ( $this->lacksSameOriginSecurity() ) {
42  $this->addWarning( [ 'apiwarn-tokens-origin' ] );
43  return;
44  }
45 
46  $user = $this->getUser();
47  $session = $this->getRequest()->getSession();
48  $salts = self::getTokenTypeSalts();
49 
50  $done = [];
51  $path = [ 'query', $this->getModuleName() ];
52  $this->getResult()->addArrayType( $path, 'assoc' );
53 
54  foreach ( $params['type'] as $type ) {
55  $token = self::getToken( $user, $session, $salts[$type] )->toString();
56  $fit = $this->getResult()->addValue( $path, $type . 'token', $token );
57 
58  if ( !$fit ) {
59  // Abuse type as a query-continue parameter and set it to all unprocessed types
60  $this->setContinueEnumParameter( 'type',
61  array_diff( $params['type'], $done ) );
62  break;
63  }
64  $done[] = $type;
65  }
66  }
67 
76  public static function getTokenTypeSalts() {
77  static $salts = null;
78  if ( !$salts ) {
79  $salts = [
80  'csrf' => '',
81  'watch' => 'watch',
82  'patrol' => 'patrol',
83  'rollback' => 'rollback',
84  'userrights' => 'userrights',
85  'login' => [ '', 'login' ],
86  'createaccount' => [ '', 'createaccount' ],
87  ];
88  $hookContainer = MediaWikiServices::getInstance()->getHookContainer();
89  $hookRunner = new ApiHookRunner( $hookContainer );
90  $hookRunner->onApiQueryTokensRegisterTypes( $salts );
91  ksort( $salts );
92  }
93 
94  return $salts;
95  }
96 
109  public static function getToken( User $user, MediaWiki\Session\Session $session, $salt ) {
110  if ( is_array( $salt ) ) {
111  $session->persist();
112  return $session->getToken( ...$salt );
113  } else {
114  return $user->getEditTokenObject( $salt, $session->getRequest() );
115  }
116  }
117 
118  public function getAllowedParams() {
119  return [
120  'type' => [
121  ParamValidator::PARAM_DEFAULT => 'csrf',
122  ParamValidator::PARAM_ISMULTI => true,
123  ParamValidator::PARAM_TYPE => array_keys( self::getTokenTypeSalts() ),
124  ParamValidator::PARAM_ALL => true,
125  ],
126  ];
127  }
128 
129  protected function getExamplesMessages() {
130  return [
131  'action=query&meta=tokens'
132  => 'apihelp-query+tokens-example-simple',
133  'action=query&meta=tokens&type=watch|patrol'
134  => 'apihelp-query+tokens-example-types',
135  ];
136  }
137 
138  public function isReadMode() {
139  // So login tokens can be fetched on private wikis
140  return false;
141  }
142 
143  public function getHelpUrls() {
144  return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens';
145  }
146 }
ApiBase\getResult
getResult()
Get the result object.
Definition: ApiBase.php:637
ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:773
ApiBase\addWarning
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition: ApiBase.php:1378
ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:506
ApiBase\lacksSameOriginSecurity
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Definition: ApiBase.php:568
ApiQueryBase
This is a base class for all Query modules.
Definition: ApiQueryBase.php:38
ApiQueryBase\setContinueEnumParameter
setContinueEnumParameter( $paramName, $paramValue)
Set a query-continue value.
Definition: ApiQueryBase.php:516
ApiQueryTokens
Module to fetch tokens via action=query&meta=tokens.
Definition: ApiQueryTokens.php:36
ApiQueryTokens\getTokenTypeSalts
static getTokenTypeSalts()
Get the salts for known token types.
Definition: ApiQueryTokens.php:76
ApiQueryTokens\getToken
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
Definition: ApiQueryTokens.php:109
ApiQueryTokens\getHelpUrls
getHelpUrls()
Return links to more detailed help pages about the module.
Definition: ApiQueryTokens.php:143
ApiQueryTokens\isReadMode
isReadMode()
Indicates whether this module requires read rights.
Definition: ApiQueryTokens.php:138
ApiQueryTokens\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition: ApiQueryTokens.php:118
ApiQueryTokens\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition: ApiQueryTokens.php:129
ApiQueryTokens\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition: ApiQueryTokens.php:38
MediaWiki\Api\ApiHookRunner
This class provides an implementation of the hook interfaces used by the core Action API,...
Definition: ApiHookRunner.php:55
MediaWiki\MediaWikiServices
Service locator for MediaWiki core services.
Definition: MediaWikiServices.php:223
MediaWiki
The MediaWiki class is the helper class for the index.php entry point.
Definition: MediaWiki.php:43
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition: User.php:71
User\getEditTokenObject
getEditTokenObject( $salt='', $request=null)
Initialize (if necessary) and return a session token value which can be used in edit forms to show th...
Definition: User.php:2944
Wikimedia\ParamValidator\ParamValidator
Service for formatting and validating API parameters.
Definition: ParamValidator.php:42